Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/8ea47f-eff3-4627-94ed-1d10f3c70bb4/1/LQCCtVc6ZxcR2ZmmWPNDc4pIa_Y.roa
File:                     LQCCtVc6ZxcR2ZmmWPNDc4pIa_Y.roa (raw, json)
Hash identifier:          c0fge8C7CIKoSd4Qv86++FBUG992VBIIU7eCsCNcDhg=
Subject key identifier:   2D:00:82:B5:57:3A:67:17:11:D9:99:A6:58:F3:43:73:8A:48:6B:F6
Certificate issuer:       /CN=3b7ec9423bf90c81d22d94841c10357a54260379
Certificate serial:       018CC94E6B190F23EDBCF35FBE3EE0808FFE
Authority key identifier: 3B:7E:C9:42:3B:F9:0C:81:D2:2D:94:84:1C:10:35:7A:54:26:03:79
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/O37JQjv5DIHSLZSEHBA1elQmA3k.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/f3/8ea47f-eff3-4627-94ed-1d10f3c70bb4/1/LQCCtVc6ZxcR2ZmmWPNDc4pIa_Y.roa
Signing time:             Tue 02 Jan 2024 08:33:28 +0000
ROA not before:           Tue 02 Jan 2024 08:33:28 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62005
IP address blocks:        85.239.52.0/24 maxlen: 24
                          85.239.54.0/24 maxlen: 24
                          85.239.53.0/24 maxlen: 24
                          85.239.55.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/f3/8ea47f-eff3-4627-94ed-1d10f3c70bb4/1/O37JQjv5DIHSLZSEHBA1elQmA3k.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/f3/8ea47f-eff3-4627-94ed-1d10f3c70bb4/1/O37JQjv5DIHSLZSEHBA1elQmA3k.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/O37JQjv5DIHSLZSEHBA1elQmA3k.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 15 Jun 2024 11:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c9:4e:6b:19:0f:23:ed:bc:f3:5f:be:3e:e0:80:8f:fe
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=3b7ec9423bf90c81d22d94841c10357a54260379
        Validity
            Not Before: Jan  2 08:33:28 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=2d0082b5573a671711d999a658f343738a486bf6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:87:d7:b5:a2:75:b9:91:0a:d7:32:33:d1:a4:a9:
                    f2:e3:3e:b7:b0:8d:09:f4:b4:75:c2:74:20:72:75:
                    c5:a8:a5:6d:9f:eb:97:e0:68:ad:42:b8:96:14:68:
                    c8:7b:5d:66:29:30:0b:fa:af:bd:c9:25:3e:2b:7a:
                    72:5e:aa:f4:bb:0d:d2:15:e7:5f:b1:91:58:17:de:
                    6a:71:2d:16:87:8d:74:ea:9b:cf:53:4c:ef:43:11:
                    0c:eb:1c:62:00:f2:de:d2:fa:af:8b:ac:dc:2d:cf:
                    d1:38:1c:40:2b:37:89:27:c1:bc:7e:dc:9d:28:9b:
                    95:6d:51:b6:d3:f0:a4:ae:6e:eb:73:a9:6f:fb:46:
                    05:60:b7:3a:52:11:bf:19:e1:ee:d1:25:61:94:1d:
                    a9:dd:a3:74:da:da:1a:b3:0b:99:d0:95:be:8f:da:
                    e4:71:f1:d8:0f:0d:ff:ef:20:47:9c:7f:50:be:c4:
                    a1:bd:0d:5c:8e:8e:1f:bb:2c:c8:8b:a1:27:a0:2a:
                    b1:1b:2e:5f:73:64:ba:bc:72:63:26:5c:b3:b7:99:
                    9c:cf:f8:17:c0:b8:ee:8c:58:f0:bc:76:b2:cb:20:
                    7f:a7:95:71:a4:84:ef:cb:08:13:c5:ec:38:82:48:
                    b3:8a:2f:0d:70:1e:98:5b:cb:6a:51:37:20:2c:0d:
                    10:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:00:82:B5:57:3A:67:17:11:D9:99:A6:58:F3:43:73:8A:48:6B:F6
            X509v3 Authority Key Identifier:
                keyid:3B:7E:C9:42:3B:F9:0C:81:D2:2D:94:84:1C:10:35:7A:54:26:03:79

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/O37JQjv5DIHSLZSEHBA1elQmA3k.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/8ea47f-eff3-4627-94ed-1d10f3c70bb4/1/LQCCtVc6ZxcR2ZmmWPNDc4pIa_Y.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/8ea47f-eff3-4627-94ed-1d10f3c70bb4/1/O37JQjv5DIHSLZSEHBA1elQmA3k.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.239.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         97:3d:a6:5c:7f:ea:cd:ee:37:04:43:07:08:88:93:c9:a8:29:
         05:5d:c1:ac:1d:98:4f:ac:99:6c:33:6c:37:23:13:46:b8:31:
         d8:c1:a0:09:74:81:c4:20:7c:b7:22:ee:5e:ea:76:66:90:19:
         ef:75:07:42:a2:ed:6d:09:1d:a6:89:09:76:5a:8b:77:cd:f5:
         87:6d:32:18:ae:8c:c4:b2:b4:85:b8:ea:65:34:8b:5f:56:28:
         76:ac:0a:04:e4:87:dc:02:93:3a:57:9a:aa:74:af:ec:77:db:
         a7:10:ae:89:f0:54:fe:68:77:98:74:f4:e4:58:b7:df:ef:50:
         6b:cd:9b:72:c0:ec:1d:d4:b6:0b:b0:0d:f3:23:e5:13:d8:44:
         8c:9c:9e:64:f0:78:5e:cb:3e:0e:16:ac:a5:39:aa:e4:43:2d:
         c0:62:b0:bb:9c:82:fb:cb:6f:ec:1c:98:5d:a1:74:c6:12:e0:
         7c:c5:dd:50:65:44:5e:d9:96:7b:35:69:72:95:5c:5d:0f:68:
         ac:ff:ae:63:77:94:32:3f:ef:8b:56:a5:8b:f0:58:ad:e3:a4:
         7d:64:4d:43:8a:d8:1d:87:e6:49:1c:26:59:6a:65:ca:a0:18:
         94:2d:6c:ff:5c:d9:37:53:96:d8:11:7b:b2:06:05:6d:98:5f:
         71:96:b5:2f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzJTmsZDyPtvPNfvj7ggI/+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNiN2VjOTQyM2JmOTBjODFkMjJkOTQ4NDFjMTAzNTdhNTQy
NjAzNzkwHhcNMjQwMTAyMDgzMzI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZDAwODJiNTU3M2E2NzE3MTFkOTk5YTY1OGYzNDM3MzhhNDg2YmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh9e1onW5kQrXMjPRpKny4z63sI0J
9LR1wnQgcnXFqKVtn+uX4GitQriWFGjIe11mKTAL+q+9ySU+K3pyXqr0uw3SFedf
sZFYF95qcS0Wh4106pvPU0zvQxEM6xxiAPLe0vqvi6zcLc/ROBxAKzeJJ8G8ftyd
KJuVbVG20/Ckrm7rc6lv+0YFYLc6UhG/GeHu0SVhlB2p3aN02toaswuZ0JW+j9rk
cfHYDw3/7yBHnH9QvsShvQ1cjo4fuyzIi6EnoCqxGy5fc2S6vHJjJlyzt5mcz/gX
wLjujFjwvHayyyB/p5VxpITvywgTxew4gkizii8NcB6YW8tqUTcgLA0QGQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFC0AgrVXOmcXEdmZpljzQ3OKSGv2MB8GA1UdIwQY
MBaAFDt+yUI7+QyB0i2UhBwQNXpUJgN5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTzM3SlFqdjVESUhTTFpTRUhCQTFlbFFtQTNrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84ZWE0N2YtZWZmMy00NjI3LTk0ZWQt
MWQxMGYzYzcwYmI0LzEvTFFDQ3RWYzZaeGNSMlptbVdQTkRjNHBJYV9ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84ZWE0N2YtZWZmMy00NjI3LTk0ZWQtMWQxMGYzYzcwYmI0
LzEvTzM3SlFqdjVESUhTTFpTRUhCQTFlbFFtQTNrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCVe80MA0G
CSqGSIb3DQEBCwUAA4IBAQCXPaZcf+rN7jcEQwcIiJPJqCkFXcGsHZhPrJlsM2w3
IxNGuDHYwaAJdIHEIHy3Iu5e6nZmkBnvdQdCou1tCR2miQl2Wot3zfWHbTIYrozE
srSFuOplNItfVih2rAoE5IfcApM6V5qqdK/sd9unEK6J8FT+aHeYdPTkWLff71Br
zZtywOwd1LYLsA3zI+UT2ESMnJ5k8Hheyz4OFqylOarkQy3AYrC7nIL7y2/sHJhd
oXTGEuB8xd1QZURe2ZZ7NWlylVxdD2is/65jd5QyP++LVqWL8Fit46R9ZE1Ditgd
h+ZJHCZZamXKoBiULWz/XNk3U5bYEXuyBgVtmF9xlrUv
-----END CERTIFICATE-----